SHA256: 0f7294f2aa1d5faa054c51e4d6405b5f4ffdbbd1c5f97db5c47c556ec2236585
File name: locky2.exe
Detection ratio: 5 / 55
Analysis date: 2016-03-11 10:46:34 UTC ( 3 years, 2 months ago )
Antivirus / Result / Update
Engines with a detection (5 of 55):
Ikarus Trojan-Ransom.Locky 20160311
McAfee-GW-Edition BehavesLike.Win32.Expiro.dh 20160311
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160311
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160310
VBA32 BScope.P2P-Worm.Palevo 20160310
Engines with no detection (signature update date only):
Ad-Aware 20160311
AegisLab 20160311
Yandex 20160310
AhnLab-V3 20160311
Alibaba 20160311
ALYac 20160311
Antiy-AVL 20160311
Arcabit 20160311
Avast 20160311
AVG 20160311
Avira (no cloud) 20160311
AVware 20160311
Baidu 20160310
Baidu-International 20160311
BitDefender 20160311
Bkav 20160310
ByteHero 20160311
CAT-QuickHeal 20160311
ClamAV 20160311
CMC 20160307
Comodo 20160311
Cyren 20160311
DrWeb 20160311
Emsisoft 20160311
ESET-NOD32 20160311
F-Prot 20160311
F-Secure 20160311
Fortinet 20160311
GData 20160311
Jiangmin 20160311
K7AntiVirus 20160311
K7GW 20160310
Kaspersky 20160311
Malwarebytes 20160311
McAfee 20160311
Microsoft 20160311
NANO-Antivirus 20160311
nProtect 20160310
Panda 20160310
Sophos AV 20160311
SUPERAntiSpyware 20160311
Symantec 20160310
Tencent 20160311
TheHacker 20160310
TrendMicro 20160311
TrendMicro-HouseCall 20160311
VIPRE 20160311
ViRobot 20160311
Zillya 20160310
Zoner 20160311
The file being studied is a Portable Executable (PE) file; more specifically, it is a Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-10 10:50:39
Entry Point 0x00012F5B
Number of sections 7
PE sections (not listed in this report)
PE imports (flat list of imported function names)
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_SetBkColor
_TrackMouseEvent
CreatePropertySheetPageW
ImageList_Create
Ord(17)
PropertySheetW
ImageList_ReplaceIcon
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
CreatePolygonRgn
GetWindowExtEx
SetMapMode
TextOutW
SaveDC
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
LPtoDP
CombineRgn
GetClipBox
GetDeviceCaps
DeleteDC
RestoreDC
SetPixel
PtInRegion
GetObjectW
BitBlt
CreateDIBSection
GetObjectA
ExtTextOutW
CreateBitmap
RectVisible
CreatePalette
SetBkColor
PtVisible
CreateCompatibleDC
CreateRectRgn
DeleteObject
SetDIBColorTable
GetTextColor
Polyline
DPtoLP
GetViewportExtEx
GetTextExtentPoint32W
SetRectRgn
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
GetFileAttributesA
HeapDestroy
GetFileAttributesW
lstrcmpW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
FormatMessageW
SetWaitableTimer
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
GetFullPathNameW
GetCurrentThread
SetLastError
InterlockedDecrement
CopyFileW
GetModuleFileNameW
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
RaiseException
OpenWaitableTimerA
EnumResourceLanguagesW
ActivateActCtx
GetVolumeInformationW
OpenWaitableTimerW
MultiByteToWideChar
GetPrivateProfileStringW
CreateMutexA
GetModuleHandleA
SetFileAttributesW
SetUnhandledExceptionFilter
MulDiv
UnlockFile
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
AreFileApisANSI
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalFindAtomW
GetStartupInfoA
GetDateFormatA
GetFileSize
GlobalDeleteAtom
GetModuleHandleW
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetPrivateProfileIntW
AddAtomW
GetProcessHeap
CreateWaitableTimerW
GetTimeFormatW
lstrcpyW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
CompareStringA
FindFirstFileW
DuplicateHandle
GetUserDefaultLCID
GlobalAlloc
GetPrivateProfileSectionW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
CompareStringW
GetThreadLocale
GetEnvironmentStringsW
LockFile
lstrlenW
CreateProcessW
CancelWaitableTimer
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
CancelIo
WritePrivateProfileStringW
lstrcpynW
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetVersion
SizeofResource
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
GetTimeFormatA
WNetCancelConnectionW
WNetAddConnection2W
SHBindToParent
SHBrowseForFolderW
SHGetFolderLocation
SHFileOperationW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
StrRetToBufW
MapWindowPoints
GetMessagePos
SetMenuItemBitmaps
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
GrayStringW
EndPaint
GrayStringA
WindowFromPoint
GetMessageTime
SetActiveWindow
DispatchMessageW
GetAsyncKeyState
MapDialogRect
GetDlgCtrlID
SendMessageA
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
ClientToScreen
GetActiveWindow
GetWindowTextW
GetWindowTextLengthW
GetTopWindow
GetWindowTextA
InvalidateRgn
PtInRect
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
GetNextDlgGroupItem
SetPropW
GetDesktopWindow
PeekMessageW
EnableWindow
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
IsZoomed
GetWindowPlacement
TabbedTextOutA
IsDialogMessageW
FillRect
SetWindowContextHelpId
GetSysColorBrush
IsWindowUnicode
CreateWindowExW
TabbedTextOutW
GetWindowLongW
IsChild
SetFocus
RegisterWindowMessageW
BeginPaint
OffsetRect
DefWindowProcA
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
EnumChildWindows
IntersectRect
CharLowerW
SendDlgItemMessageW
PostMessageW
SetWindowTextA
CheckMenuItem
GetClassLongW
SetWindowTextW
GetMenuCheckMarkDimensions
ScreenToClient
GetMenuState
GetSystemMenu
SetForegroundWindow
CreateDialogIndirectParamW
DrawTextA
DrawTextExW
EndDialog
CopyRect
GetCapture
MessageBoxW
GetWindowDC
AdjustWindowRectEx
SetDlgItemTextW
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpW
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
ValidateRect
IsRectEmpty
GetFocus
wsprintfW
GetDlgItemTextW
SetCursor
RemovePropW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipGetImagePalette
GdipDisposeImage
GdipCreateBitmapFromFile
GdipBitmapUnlockBits
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipAlloc
GdipCreateBitmapFromFileICM
GdipCloneImage
GdiplusStartup
GdipGetImagePixelFormat
GdipDrawImageI
GdipGetImageGraphicsContext
GdipFree
GdipDeleteGraphics
__p__fmode
_acmdln
??1type_info@@UAE@XZ
__dllonexit
_except_handler3
?terminate@@YAXXZ
_mbscmp
_onexit
exit
_XcptFilter
_strdup
__setusermatherr
__p__commode
__CxxFrameHandler
_mbsicmp
_CxxThrowException
_adjust_fdiv
_CIsin
_splitpath
free
__getmainargs
_controlfp
_setmbcp
_vsnprintf
_initterm
_exit
__set_app_type
OleUIBusyW
Number of PE resources by type
RT_ICON 12
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
NEUTRAL 1
PE resources (not listed in this report)
Debug information (none listed)
ExifTool file metadata
SubsystemVersion: 5.1
InitializedDataSize: 129536
ImageVersion: 0.0
ProductName: Advanced Task Scheduler 32-bit Edition
FileVersionNumber: 4.1.0.612
UninitializedDataSize: 4096
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
ImageFileCharacteristics: Executable, 32-bit
CharacterSet: Unicode
LinkerVersion: 9.0
FileTypeExtension: exe
OriginalFileName: advscheduler_admin.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 4.1.0.612
TimeStamp: 2016:03:10 11:50:39+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Advanced Task Scheduler 32-bit Edition
ProductVersion: 4.1.0.612
FileDescription: Advanced Task Scheduler 32-bit Edition
OSVersion: 5.1
FileOS: Windows NT 32-bit
LegalCopyright: Copyright Southsoftware.com, 2002-2015
MachineType: Intel 386 or later, and compatibles
CompanyName: Douthsoftware.com
CodeSize: 80384
FileSubtype: 0
ProductVersionNumber: 4.1.0.612
EntryPoint: 0x12f5b
ObjectFileType: Executable application
Compressed bundles (none listed)
File identification
MD5 62f8f2e9c14ba958e8739a09fdd1cb68
SHA1 94b3a77a5a8e3a676356759c9be4224637aaa205
SHA256 0f7294f2aa1d5faa054c51e4d6405b5f4ffdbbd1c5f97db5c47c556ec2236585
ssdeep 3072:DgXEOQzSM7Ac5njmafSy74wuLAGE7/H/6kNd/ekaPaTAyppah6:UXEVSBinq/Y4Y6kP/V
authentihash 00d88a196b247c452f1dc8253a6749ab88a7ba33f20112202923c6ef0797a6c8
imphash 6021b94c0fdb81e21d2d9963dbdac8c3
File size 205.5 KB ( 210432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-03-11 09:42:26 UTC ( 3 years, 2 months ago )
Last submission 2017-08-07 22:31:59 UTC ( 1 year, 9 months ago )
File names 0954t4h45.exe
VirusShare_62f8f2e9c14ba958e8739a09fdd1cb68
aa
locky2.exe
62f8f2e9c14ba958e8739a09fdd1cb68
NJrbeiq.hta
0954t4h45
0954t4h45
0f7294f2aa1d5faa054c51e4d6405b5f4ffdbbd1c5f97db5c47c556ec2236585
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or subjected to code injection. (No entries are listed under any of the categories below in this report.)
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections
UDP communications